[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] RAQ3 vulnerabilities
- Subject: Re: [cobalt-security] RAQ3 vulnerabilities
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Wed, 5 Dec 2001 15:51:57 +0100
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Steve,
> I'm probably bringing this to the point of being off-topic, but whether the
> page content is dynamic or not, the size and checksum of the actual files
> on the server won't change unless the files themselves are edited.
Yes, but the templates, header and footer files and most of the not so static
information is stored in a MySQL database on most dynamic files. So it's hard
to detect a defacement with scans unless you scan for the presence of certain
keywords as Gary suggested here.
But I'm more worried about other server issues than those which not actually
compromise the server but just the hosted data, so this has a low priority on
my to-do list. I'm currently building a PKG for the RaQ3 with an Apache
update, MySQL, PHP, Zend Optimizer and gd-lib update. Next after that is a
replacement for Sendmail which will retire in favour of Postfix and an
included Email virus scanner, but that will most likely not be a PKG as it
would involve too much scripting effort for the setup process. And I don't
even want to think about an uninstall script for that one <g>.
--
With best regards,
Michael Stauber
SOLARSPEED.NET